AI Threat Alert
Attack Type
DoS
Denial of service attacks against AI systems exploit resource-intensive operations — large model inference, excessive tokenization, or recursive agent loops — to exhaust compute resources.
525
Total CVEs
27
Pages
Page 26 of 27
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2024-10572 | H2O-3: unauthenticated AST parser enables DoS + file write | 7.5 | |
| MEDIUM | CVE-2024-52524 | Giskard: ReDoS in text perturbation causes DoS | - | |
| MEDIUM | CVE-2024-2965 | langchain-community: DoS via recursive sitemap loop | langchain | 4.2 |
| CRITICAL | CVE-2026-33660 | TensorFlow: type confusion NPD in tensor conversion | n8n | 10.0 |
| MEDIUM | CVE-2026-29070 | open-webui: missing authz allows cross-KB file deletion | open-webui | 5.4 |
| HIGH | CVE-2026-34445 | ONNX: property overwrite via crafted model file | onnx | 8.6 |
| MEDIUM | CVE-2026-34756 | vLLM: DoS via unbounded n parameter causes OOM crash | vllm | 6.5 |
| CRITICAL | CVE-2026-0545 | MLflow: auth bypass in job API enables unauthenticated RCE | mlflow | 9.1 |
| MEDIUM | CVE-2026-34755 | vLLM: OOM DoS via unbounded video frame decoding | vllm | 6.5 |
| MEDIUM | CVE-2026-34052 | ltiauthenticator: OAuth nonce leak causes server DoS | 5.9 | |
| MEDIUM | GHSA-rxmx-g7hr-8mx4 | OpenClaw: Zalo webhook dedup collision silently drops events | openclaw | - |
| MEDIUM | GHSA-5hff-46vh-rxmw | OpenClaw: read-only scope bypass kills agent sessions | openclaw | - |
| MEDIUM | GHSA-4p4f-fc8q-84m3 | openclaw: iOS bridge bypass enables unauthorized agent runs | openclaw | - |
| LOW | GHSA-fqrj-m88p-qf3v | OpenClaw: cross-account webhook event suppression | openclaw | - |
| MEDIUM | GHSA-wwfp-w96m-c6x8 | OpenClaw: pairing DoS blocks account onboarding | openclaw | - |
| MEDIUM | GHSA-h43v-27wg-5mf9 | OpenClaw: pre-auth signature bypass enables pairing DoS | openclaw | - |
| MEDIUM | GHSA-4g5x-2jfc-xm98 | openclaw: media download bypass exhausts disk storage | openclaw | - |
| MEDIUM | CVE-2026-39411 | LobeChat: auth bypass via forged XOR obfuscated header | @lobehub/lobehub | 5.0 |
| MEDIUM | GHSA-ccx3-fw7q-rr2r | openclaw: base64 pre-alloc bypass causes resource exhaustion | openclaw | - |
| LOW | GHSA-25wv-8phj-8p7r | OpenClaw: auth rate-limit bypass via async race condition | openclaw | - |